Tech Services Security

Technology Use Policy – Security

Passwords – Change your password often (required every 180 days).  A password is your “key” to Alverno’s technology resources.  When choosing a password, use the following guidelines:

• Use at least eight to 200 characters (a combination of letters and numbers); cannot reuse the last five passwords
• Pick a password that is easy for you to remember, but that others would not likely be able to guess;
• Do not write down your password because someone might see it and use it;
• Choose a unique password (not the same password as the one you use for online shopping or banking).
• NEVER share your password with other individuals. Remember they could use your password, delete your files, impersonate you, or change your password to lock you out of your account. 

Access Restrictions

Do not distribute your password or the password of another user.  Do not use other’s passwords.  These are serious violations of this policy.  Attempting to disable or determine an access password (or assisting others in doing so) is prohibited.  Such activities threaten the work and privacy of many individuals.  Respect the restrictions imposed by the technology resources of other individuals and organizations.  Do not attempt to circumvent access restrictions.  Violation is grounds for immediate suspension of access privileges or other disciplinary action. 

To maintain network security, accounts are deleted on a regular basis.  Account deletion includes but is not limited to removing access to Alverno’s network, deleting files in individual home directories, cloud storage (H drive, OneDrive, Google Drive, OneNote, Moodle, etc.) and deleting email. 

• Student accounts are active for six (6) months after graduation.  After that time the account is deleted. 
• Accounts for students whose status changes to Official Withdrawal or Dismissed are deleted shortly after the status change is made.
• Accounts for Students on Leave remain active.  If a student’s status changes from Student on Leave to Official Withdrawal, the account is deleted.
• Employee accounts, including student employee accounts, will be disabled/deleted upon separation of employment.

Use of Others’ Technology Resources 

When using the technology resources of others through Alverno’s facilities, these policies apply.  Information providers or networks outside Alverno College may also impose their own conditions for use and you are responsible for following any additional restrictions.

Monitoring and User Privacy 

Treat all electronic communications as potentially accessible by others.  Please consider this before sending confidential information electronically.  Alverno College considers electronic mail and other electronic information to be private although it is Alverno property and can be accessed by Alverno personnel.  Although this information must be accessed by system personnel for the purpose of backups, network management, troubleshooting and maintenance, the content of user files and network transmissions will not be viewed, monitored, or altered without the consent of the user unless the College has reason to believe that an account or system has been breached and is being used by someone other than the authorized user, the College has received a complaint that an account or system is being used to gain unauthorized access or to attempt to gain unauthorized access to another network site, or the College has reason to believe that an account or system is being used in violation of the Technology Use Policy, federal or state law or impacts system integrity.  In these circumstances, the Campus Network Security Team, Director of Human Resources, Dean of Students or other person of authority may authorize system support personnel to monitor the activities of a specified account or computer system and to search electronic information stored in that account.  The authority for this search must be requested on an account-by-account basis and monitoring will be restricted to the specified account.  If this search provides evidence of a violation, the account will be disabled and action will be taken with the proper authorities. 

Disciplinary Actions

Alverno College reserves the right to revoke the technology access of any user at any time regardless of enrollment or employment status.  Procedures for disciplinary actions involving students are outlined in the Student Handbook; Disciplinary procedures for staff and faculty are described in Alverno & You. Alverno College reserves the right to take the following actions in response to technology violations:

• Send a verbal, written, or electronic mail warning;
• Allow only restricted access privileges;
• Suspend computer or other technology access for a temporary time;
• Revoke all computer or other technology privileges;
• Assign an “Unsatisfactory” (if violation relates to student course work);
• Allow other discipline up to and including dismissal from the College or termination of employment.

Minor infractions of the Technology Use Policies, when accidental, such as consuming excessive resources or overloading computer systems, are generally resolved informally.  This is done through electronic mail or in-person discussion and education.  Repeated minor infractions or more serious misconduct may result in additional disciplinary actions. 

More serious violations include, but are not limited to:

• Unauthorized use of computer resources
• Copyright violations
• Attempts to steal passwords or data
• Transfer or display of offensive material
• Harassment, or threatening behavior
• FERPA or HIPAA privacy rule violation

In addition, offenders may be referred to their supervisor or other appropriate College offices for further action.  If the individual is a student, the matter may be referred to the College Community Relations Board for disciplinary action.  Any offense which violates local, state, or federal laws may result in the immediate loss of all technology privileges and will be referred to the College Community Relations Board (students), your supervisor (faculty/staff) or other appropriate College offices and/or law enforcement authorities.

In cases where the integrity or functionality of the network or a multi-user system is in jeopardy, College personnel involved in network security are authorized to take immediate steps to prevent further damage - up to and including disabling user accounts and disconnecting a user’s computer from the campus network.